Skip to content

Propose vote to unblock --env-file PRs (#1577) #31

Propose vote to unblock --env-file PRs (#1577)

Propose vote to unblock --env-file PRs (#1577) #31

Workflow file for this run

name: Initiate new vote
on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
paths:
- votes/initiateNewVote/_EDIT_ME.yml
push:
branches:
- initiateNewVote
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: false
jobs:
lint-vote-init-file:
if: github.event.pull_request && github.event.pull_request.draft == false
permissions:
contents: write
pull-requests: write
repository-projects: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
# If the subject is still REPLACEME, that would mean it's a PR to modify
# the sample file, not a PR initializing a vote.
- run: '! grep -q "subject: REPLACEME" votes/initiateNewVote.yml'
- name: Validate YAML and ensure there are more than 1 candidate
run:
npx js-yaml votes/initiateNewVote.yml | jq '.candidates | unique |
length > 1 or error("Not enough candidates")'
- name: Change base branch
if: github.base_ref == github.event.repository.default_branch
run: |
gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
/repos/${{ github.repository }}/git/refs \
-f ref='refs/heads/initiateNewVote' \
-f sha='${{ github.event.pull_request.base.sha }}' || true
gh pr edit ${{ github.event.pull_request.html_url }} --base 'initiateNewVote'
env:
GITHUB_TOKEN: ${{ github.token }}
initiate-new-vote:
if: github.event.pusher
permissions:
contents: write
pull-requests: write
repository-projects: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 2
- name: Extract info from the pushed file
id: data
run: |
npx js-yaml votes/initiateNewVote/_EDIT_ME.yml > data.json
echo "json_data<<EOF" >> "$GITHUB_OUTPUT"
cat data.json >> "$GITHUB_OUTPUT"
echo "EOF" >> "$GITHUB_OUTPUT"
echo "branchName=votes/$(node -p 'require("./data.json")["path-friendly-id"] || crypto.randomUUID()')" >> "$GITHUB_OUTPUT"
node >> "$GITHUB_ENV" <<'EOF'
'use strict';
const { createHash } = require('node:crypto');
const { candidates } = require("./data.json");
for (let i = 0; i < candidates.length; i++) {
const delimiter = createHash('sha256').update(candidates[i], 'utf8').digest('base64');
console.log(`__CANDIDATES_${i}<<${delimiter}`)
process.stdout.write(candidates[i]);
process.stdout.write(`\n${delimiter}\n`);
}
console.log('__CANDIDATES<<EOF');
for (let i = 0; i < candidates.length; i++) {
console.log(`--candidate "$__CANDIDATES_${i}" \\`);
}
if (candidates.length) console.log('');
console.log('EOF');
EOF
- name: Reset to the base branch
run: git fetch origin HEAD && git reset FETCH_HEAD --hard
- name: Install npm dependencies
run: npm install @node-core/caritat
- name: Configure git
run: |
git config --global user.email "[email protected]"
git config --global user.name "Node.js GitHub Bot"
- name: Configure and (re)start GPG agent
shell: bash
run: |
if [ -f /usr/lib/systemd/user/gpg-agent.service ]; then
mkdir ~/.gnupg
cat <<EOT >> ~/.gnupg/gpg-agent.conf
allow-preset-passphrase
default-cache-ttl 60
max-cache-ttl 50
EOT
chmod 600 ~/.gnupg/*
chmod 700 ~/.gnupg
systemctl --user restart gpg-agent
else
gpg-agent --daemon --allow-preset-passphrase \
--default-cache-ttl 60 --max-cache-ttl 60
fi
- name: Generate the vote init commit
run: |
./votes/initiateNewVote/generateNewVote.mjs \
--remote origin \
--github-repo-name "$GITHUB_REPOSITORY" \
--vote-repository-path . \
--branch "$__BRANCH" \
--subject "$__SUBJECT" \
${{ env.__CANDIDATES }} \
--shuffle-candidates "$__SHUFFLE_CANDIDATES" \
--header-instructions "$__HEADER_INSTRUCTIONS" \
--footer-instructions "$__FOOTER_INSTRUCTIONS"
env:
GITHUB_TOKEN: ${{ github.token }}
__BRANCH: ${{ steps.data.outputs.branchName }}
__SUBJECT: ${{ fromJSON(steps.data.outputs.json_data).subject }}
__SHUFFLE_CANDIDATES: ${{ fromJSON(steps.data.outputs.json_data).canShuffleCandidates }}
__HEADER_INSTRUCTIONS: ${{ fromJSON(steps.data.outputs.json_data).headerInstructions }}
__FOOTER_INSTRUCTIONS: ${{ fromJSON(steps.data.outputs.json_data).footerInstructions }}
- name: Install ghcommit
run: go install github.com/planetscale/ghcommit@8c6d9af75a7814768ce871cde246224d45bd8c04
- run: git reset HEAD --hard
- name: Generate the vote branch
run: |
gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
/repos/${{ github.repository }}/git/refs \
-f "ref=refs/heads/${{ steps.data.outputs.branchName }}" -f "sha=$(git rev-parse HEAD^)"
GH_COMMIT_PATH="$(go env GOPATH)/bin/ghcommit" COMMIT_MESSAGE="$(
git log -1 HEAD --pretty=format:%B
)" SHA="$(
git rev-parse HEAD^
)" DELETED_FILES="$(
git show HEAD --name-only --diff-filter=D --pretty=format:
)" ADDED_FILES="$(
git show HEAD --name-only --diff-filter=d --pretty=format:
)" node --input-type=module <<'EOF'
import { spawnSync } from "node:child_process";
const {GH_COMMIT_PATH, COMMIT_MESSAGE, SHA, DELETED_FILES, ADDED_FILES} = process.env;
spawnSync(GH_COMMIT_PATH, [
'-r', ${{ toJSON(github.repository) }},
'-b', ${{ toJSON(steps.data.outputs.branchName) }},
'-m', COMMIT_MESSAGE,
'--sha', SHA,
...DELETED_FILES.split('\n').filter(Boolean).flatMap(file => ['--delete', file]),
...ADDED_FILES.split('\n').filter(Boolean).flatMap(file => ['--add', file]),
], { stdio: 'inherit' });
EOF
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Open the vote PR
run: |
./votes/initiateNewVote/generateNewVotePR.mjs \
--github-repo-name "$GITHUB_REPOSITORY" \
--branch "$__BRANCH" \
--subject "$__SUBJECT" \
--pr-intro "$__PR_INTRO"
env:
GITHUB_TOKEN: ${{ github.token }}
__BRANCH: ${{ steps.data.outputs.branchName }}
__SUBJECT: ${{ fromJSON(steps.data.outputs.json_data).subject }}
__PR_INTRO: ${{ fromJSON(steps.data.outputs.json_data).prBody }}
- name: Remove initiateNewVote branch if there are no open PRs, or revert commit
run: |
set -x
if [[ "$(gh search prs --repo=${{ github.repository }} --state open -B initiateNewVote --jq '. | length' --json id)" == "0" ]]; then
gh api \
--method DELETE \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"/repos/$GITHUB_REPOSITORY/git/$GITHUB_REF"
else
git reset ${{ github.sha }} --hard
git revert HEAD --no-edit
GH_COMMIT_PATH="$(go env GOPATH)/bin/ghcommit" COMMIT_MESSAGE="$(
git log -1 HEAD --pretty=format:%B
)" DELETED_FILES="$(
git show HEAD --name-only --diff-filter=D --pretty=format:
)" ADDED_FILES="$(
git show HEAD --name-only --diff-filter=d --pretty=format:
)" node --input-type=module <<'EOF'
import { spawnSync } from "node:child_process";
const {GH_COMMIT_PATH, COMMIT_MESSAGE, DELETED_FILES, ADDED_FILES} = process.env;
spawnSync(GH_COMMIT_PATH, [
'-r', ${{ toJSON(github.repository) }},
'-b', 'initiateNewVote',
'-m', COMMIT_MESSAGE,
'--sha', ${{ toJSON(github.sha) }},
...DELETED_FILES.split('\n').filter(Boolean).flatMap(file => ['--delete', file]),
...ADDED_FILES.split('\n').filter(Boolean).flatMap(file => ['--add', file]),
], { stdio: 'inherit' });
EOF
fi
env:
GITHUB_TOKEN: ${{ github.token }}